Skytalks is a 'sub-conference' that gives a unique platform for
researchers to share their research, for angry hackers to rant about
the issues of their industry, and for curious souls to probe
interesting issues, all without the watchful eye of the rest of the
world. With a strict, well-enforced "no recording" policy, research
that is...

Typically we try to divide attackers into different groups, all the way from script kiddies (no resources, no skills, quite a bit of time/persistence) to more advanced state-sponsored attackers (lots of resources, decent skills and the ability to conduct long-lasting persistent attacks).

So it was a bit odd to see an attack against a rather old vulnerability in DeDeCMS. The attack:

DeDeCMS is a Drupal-like content management system popular in China [1]. Exploits like the one above have been used at least since 2013 [2]. The site that was attacked above does not use DeDeCMS, so the attacker did not do any reconnaissance.

The attacker also doesn't bother modifying the user agent and keeps the Python-urllib/2.7 user agent, indicating that the tool used to conduct the scan was written in Python. Many web application firewalls would block the request just for using that user agent.

The SQL statement that is being attempted:

SELECT 1 FROM(select count(*),concat(floor(rand(0)*2),(SELECT/**/concat(0x5f,userid,0x5f,pwd,0x5f) from dede_admin Limit 0,1))a from information_schema.tables group by a)b)]=1

A nice piece of SQL obfuscation, but I believe the goal is to retrieve the first username and password from the dede_admin table.
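The indicators described above (the Python-urllib user agent and the building blocks of the SQL statement) can be matched in web server logs. The following is an added example, not code from the original post; the combined log format, the sample log lines, their IP addresses and the parameter name "q" are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Markers taken from the SQL statement and user agent quoted in the text.
SQLI_MARKERS = {
    "information_schema reference": re.compile(r"information_schema", re.I),
    "floor(rand()) group-by construct": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "inline comment used as whitespace": re.compile(r"/\*.*?\*/"),
    "hex literal inside concat()": re.compile(r"concat\s*\(\s*0x[0-9a-f]+", re.I),
    "dede_admin table": re.compile(r"dede_admin", re.I),
}
SCRIPTED_UA = re.compile(r"^Python-urllib/", re.I)

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return the indicators found in one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    uri = unquote_plus(m["uri"])  # logs hold the percent-encoded request
    hits = [name for name, rx in SQLI_MARKERS.items() if rx.search(uri)]
    if SCRIPTED_UA.search(m["ua"]):
        hits.append("scripted user agent")
    # A library user agent alone is common and benign; require two indicators.
    return {"ip": m["ip"], "status": int(m["status"]), "hits": hits,
            "alert": len(hits) >= 2}

# Constructed sample lines (documentation IP ranges, placeholder parameter "q").
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2015:10:00:00 +0000] "GET /plus/search.php?q=1%20FROM'
    '(select%20count(*),concat(floor(rand(0)*2),(SELECT/**/concat(0x5f,userid,'
    '0x5f,pwd,0x5f)%20from%20dede_admin%20Limit%200,1))a%20from%20'
    'information_schema.tables%20group%20by%20a)b) HTTP/1.1" 404 178 "-" '
    '"Python-urllib/2.7"',
    '198.51.100.7 - - [22/May/2015:10:01:00 +0000] "GET /feed.xml HTTP/1.1" '
    '200 5120 "-" "Python-urllib/2.7"',
    '203.0.113.5 - - [22/May/2015:10:02:00 +0000] "GET /index.html?page=2 '
    'HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        result = classify(entry)
        print(result["ip"], "ALERT" if result["alert"] else "ok", result["hits"])
```

Only the first sample line raises an alert; the second shows why the user agent on its own is treated as a weak signal.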

Sort of interesting: These were not the only attacks from these two IP addresses, and they did start out with some reconnaissance:

GET / HTTP/1.1 301 178 - +http://www.google.com/bot.html)

Here they spoof the Google user agent. They even first try out the plus/search.php URL:

An estimated 500 million Android phones don't completely wipe data when
their factory reset option is run, a weakness that may allow the recovery
of login credentials, text messages, e-mails, and contacts, computer
scientists said Thursday.

Infosec practitioners face host of challenges (ITWeb)

Boshoff says infosec improvements are being hindered by a lack of buy-in and support from business. "It is very difficult for security practitioners to successfully implement security protocols within an organisation when they have resistance from the ...

E-mail addresses, sexual orientations, and other sensitive details from almost four million AdultFriendFinder.com subscribers have been leaked onto the Internet following a hack that rooted the casual dating service, security researchers said.

The cache includes more than 3.8 million unique e-mail addresses of current and former subscribers, Australian security researcher Troy Hunt reported early Friday morning. The data, which is in the form of 15 Microsoft Excel spreadsheets, was first seeded to anonymous sites hosted on the Tor privacy network. It has since spread to sites on the open Internet. Links to sites hosting the data are easily found on Twitter and other social networking sites (Ars isn't publishing the locations).

The compromise was first reported by British broadcaster Channel 4. In addition to including e-mail addresses and the sexual orientations of users, the data also provided other sensitive information, such as ages, zip codes, and whether the subscriber was seeking an extramarital affair. The trove included information for deleted accounts as well as those still current.

FBI agents can’t point to any major terrorism cases they’ve cracked thanks
to the key snooping powers in the Patriot Act, the Justice Department’s
inspector general said in a report Thursday that could complicate efforts
to keep key parts of the law operating.

Internet users in Korea are notoriously more exposed to security risks
than their counterparts in other countries, partly because their password
hints are too easy to guess, Google analysis released Thursday shows.

The search giant analyzed security questions selected by the users around
the world to help them when they forget the password....